The AIM API lets the customer check out within the merchant's site. It requires an SSL certificate for the merchant's site, and data is transferred in a 128-bit encrypted format.

The SIM API, on the other hand, allows for a hosted checkout on Authorize.net's site. The appearance (look and feel, CSS, logos, header and footer) of their site can be customised, so that users experience a similar interface.

Thus a merchant can, based on business need, do one of the following:

1. Using the SIM API, perform the checkout and display the receipt on Authorize.net.

2. Using the SIM API, perform the checkout on Authorize.net and display the receipt on the merchant's site, by using relay response.

3. Using the SIM API, obtain authorization confirmation on Authorize.net, then perform the checkout and display the receipt on the merchant's site.

4. Using the AIM API, perform the entire checkout process on the merchant's site.

The third option above is interesting. Authorize.net's SIM provides the flexibility to check out on the merchant's site for transactions, even without SSL, for the cost of a round trip of HTTP handshakes, just like PayPal's Express Checkout API.

Typically, users return to the merchant site, where the receipt is displayed (case 2) or where they confirm the payment (case 3). Let's examine the workflow for such a scenario.

1. Find the total amount payable by the user, all inclusive (including taxes and shipping).

2. Generate the fingerprint of the transaction, based on the merchant login ID, invoice number, timestamp and amount, using the MD5 hashing library.

3. Pre-populate all the hidden input form fields for the transaction on the template (covered in detail below).

4. Send the user to Authorize.net when they submit the form with the pre-populated values.

5. After the authentication, the response is posted to the merchant site.

6. Verify that the response indicates success.

7. If you opted for payment on the Authorize.net site itself, display the receipt.

8. If you opted for checkout at your site, confirm the payment with the user and submit a new request with `x_type = 'PRIOR_AUTH_CAPTURE'`, including the `x_trans_id` obtained in the response (preferably as an AJAX request).

9. If an error occurs or the customer cancels, submit a void request.

The integration essentially involves sending a list of hidden fields in a form to the specified URL:

Include the following required fields in the form, set to appropriate values.

`x_fp_hash`: The fingerprint

`x_fp_timestamp`: UTC time in seconds since epoch

`x_fp_sequence`: Invoice number, or a random number

`x_login`: Login ID of merchant, provided by Authorize.net

`x_show_form`: TRUE, to show form

`x_amount`: Total amount of the transaction

Set the response type, `x_relay_response`, to TRUE, and `url_response` to the URL to which the response has to be POSTed. We prefer to use the same URL that submits the request.

Set `x_type` to `Auth_only` for a checkout at your site, or `Auth_capture` for a checkout at Authorize.net.
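
The fingerprint step and the hidden fields listed above, as an added Python example (not code from the original post or from Authorize.net). It assumes the SIM fingerprint is an HMAC-MD5 keyed with the merchant's transaction key over `login^sequence^timestamp^amount^`; the transaction key, the helper names and the sample values are assumptions that do not appear on this page.

```python
import hmac
import html
import time
from decimal import Decimal, ROUND_HALF_UP


def format_amount(amount):
    """Render the amount once, so the signed and the posted value are identical."""
    return str(Decimal(str(amount)).quantize(Decimal("0.01"), rounding=ROUND_HALF_UP))


def sim_fingerprint(login_id, transaction_key, sequence, timestamp, amount):
    # Assumption: caret-delimited input with a trailing caret (empty currency code),
    # keyed with the transaction key, which is never sent in the form itself.
    message = f"{login_id}^{sequence}^{timestamp}^{amount}^"
    return hmac.new(transaction_key.encode(), message.encode(), "md5").hexdigest()


def build_sim_fields(login_id, transaction_key, sequence, amount,
                     checkout_on_merchant_site, timestamp=None):
    """Return the hidden form fields from the list above as a dict of strings."""
    timestamp = int(time.time()) if timestamp is None else int(timestamp)
    amount_str = format_amount(amount)
    return {
        "x_login": login_id,
        "x_fp_sequence": str(sequence),
        "x_fp_timestamp": str(timestamp),
        "x_amount": amount_str,
        # The hash covers exactly the strings posted above; a customer who edits
        # x_amount in the browser cannot recompute it without the transaction key.
        "x_fp_hash": sim_fingerprint(login_id, transaction_key, sequence,
                                     timestamp, amount_str),
        "x_show_form": "TRUE",
        "x_relay_response": "TRUE",
        "x_type": "Auth_only" if checkout_on_merchant_site else "Auth_capture",
    }


def render_hidden_inputs(fields):
    """Escape names and values so order data cannot break out of the attribute."""
    return "\n".join(
        f'<input type="hidden" name="{html.escape(k)}" value="{html.escape(v)}">'
        for k, v in fields.items()
    )


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    demo = build_sim_fields("merchant123", "constructed-key", 1001, "49.9", True)
    print(render_hidden_inputs(demo))
```

Formatting the amount once and reusing that exact string for both `x_amount` and the fingerprint avoids a mismatch between the signed and the posted value.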